1. Field
One or more embodiments relate to methods, devices and computer programs to provide interoperability between traditionally incompatible security domains, architectures or access control protocols.
2. Description of the Related Art
When security architectures or access control protocols are incompatible, authenticating users and authorizing access to information between them presents a challenge. For example, one system may use a different security standard or protocol from that of another system and may not be readily interoperable or able to enforce access control policies. This creates systematic challenges when an access request to data needs to be authorized and enforced by different security architectures, or across different security systems using different access control protocols.
Further, organizations largely rely on the thoroughness of security administrators to give users access to information. More recent technology allows these decisions to be made with electronic policy rules, but the enforcement of this methodology requires significant change to existing products. It is not currently possible to make automated or semi-automated (mechanized) authorization decisions that are enforced through the existing product mechanisms, either Access Control Lists or Access Tokens. When two separate security domains exist, the problem of implementing access control policies over HTTP/REST/OAuth communication requires the ability to consume requests to access resources and enforce policies compliant with the trust framework.
These and other problems lead to a need for a solution which automates access control decisions to provide interoperability between incompatible security architectures or access control protocols, and integrates the enforcement of access control policies across incompatible security architectures or protocols. A solution is also needed to support cross-domain security interoperability, for example, one that is used by both SAML/XACML and REST/OAuth protocols, among others.